CVE-2025-62267

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-62267

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-62267.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-62267

Aliases

GHSA-q285-wfpg-93hr

Published

2025-10-31T19:15:50Z

Modified

2025-11-12T03:35:03Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Multiple cross-site scripting (XSS) vulnerabilities in web content template’s select structure page in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 35 through update 92 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a user’s (1) First Name, (2) Middle Name, or (3) Last Name text field.

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62267

Affected packages

Git / github.com/liferay/liferay-portal

Affected ranges

Type: GIT
Repo: https://github.com/liferay/liferay-portal
Events: Introduced

e0d71ab52dfa2c3fc906a1014d305aa547826383

Fixed

b8c35409971bf2f43bb7e28bd1638daab05ce6fa